[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: What is the security hole in find -exec rm -- {} \; ?



On 02-Sep-98, 14:27 (CDT), Chris Reed <cr212@cam.ac.uk> wrote: 
> # The following three find commands are commented out do to the
                                                        ^^^^^

That should be "due to". Jeez, how embarassing. I've looked at the file
so many times, and didn't catch it until it was posted in front of
thousands of people. I'm going to go fix it now...

> If there is still some security hole, then what is it?  And is 
> /etc/rcS.d/S55bootmisc.sh (from sysvinit) not at risk from the same 
> problems?

Details at http://www.ultratech.net/~zblaxell/admin_utils/filereaper.txt

And as someone else pointed out, it shouldn't be exploitable at boot
time.

Steve Greenland


Reply to: